
Principal / Lead Penetration Tester

Salt Melbourne, Victoria, Australia

Onsite, full-time
Posted Feb 23, 2026. Apply by Mar 25, 2026.

Role & seniority: Senior Offensive Security Leader; second-in-command to the Penetration Testing Manager; responsible for defining and evolving the practice.

Stack/tools: modern platforms across web, API, mobile, cloud, infrastructure and hardware; familiarity with penetration testing frameworks and methodologies (OWASP, OSSTMM, WAHH, etc.); focus on AI/automation impacts on offensive security.

Top 3 responsibilities

  1. Shape the future of penetration testing—set direction, maturity, and ambition; establish testing strategy, pipelines, scope, and prioritisation.

  2. Act as 2IC to the Penetration Testing Manager; provide leadership, stability, judgment, and senior-stakeholder guidance.

  3. Lead and uplift a team of testers; ensure high-quality outputs through technical review, coaching, process improvement, and cross-domain engagement (web, APIs, mobile, cloud, infra, hardware); embed technical ethics.

Must-have skills

  • Proven experience leading penetration testing in a large/complex organization.

  • Deep hands-on expertise across web, API, mobile, cloud, infrastructure, and hardware.

  • Strong grounding in penetration testing frameworks (OWASP, OSSTMM, WAHH, etc.) and secure testing methodologies.

  • Credibility to challenge and influence senior stakeholders; clear, confident communication of complex risk.

  • Advanced security certifications (e.g., OSEP, AWAE, CREST, SANS Advanced) or equivalent.

Nice-to-haves

  • Experience uplifting teams and sett

Full Description

We’re looking for a senior offensive security leader to step into a pivotal role within a high-performing Cyber Security team — someone who doesn’t just run penetration testing, but defines what it becomes next.

This is a rare opportunity to shape the future of penetration testing, act as 2IC to the current manager, and help steer the team through the disruption of AI, automation, and rapidly evolving threat landscapes.

If you’re someone others rely on, trust, and look to for direction — this role was built for you.

What you’ll be trusted to do

  • Grow and shape the future of penetration testing, setting direction, maturity and ambition
  • Act as second-in-charge to the Penetration Testing Manager, providing leadership, stability and judgement
  • Navigate the turmoil of AI and automation, translating emerging risk into practical offensive capability
  • Drive the team into the unknown — future threats, new tooling, new attack surfaces
  • Be the person people rely on — technically, ethically and professionally
  • Set the standards for quality, rigour and reporting — and be the shining beacon others measure against
  • Establish and embed technical ethics across offensive security practices
  • Lead, mentor and uplift a talented team of penetration testers
  • Oversee and deliver penetration testing across web, APIs, mobile, cloud, infrastructure and hardware
  • Shape testing strategy, pipelines, scope depth and prioritisation across a complex environment
  • Ensure consistently high-quality outputs through technical review, coaching and process improvement

What you’ll bring

  • Proven experience leading penetration testing in a large, complex organisation
  • Deep hands-on expertise across modern platforms (web, API, mobile, cloud, infra, hardware)
  • Strong grounding in penetration testing frameworks and methodologies (OWASP, OSSTMM, WAHH, etc.)
  • The credibility to challenge, influence and guide senior stakeholders
  • A genuine passion for ethical hacking, continuous learning and technical excellence
  • Experience uplifting teams and setting a long-term vision, not just delivering tests
  • Advanced security certifications (OSEP, AWAE, CREST, SANS Advanced or similar)
  • Clear, confident communication — especially when explaining complex risk

Why this role stands out

  • This isn’t a “run the same playbook” role.
  • It’s about setting the playbook, being trusted to lead through uncertainty, and helping define how offensive security evolves in an AI-accelerated world.

If you’re ready to step into a role where your judgement, ethics and leadership truly matter — we’d love to hear from you.

multi-location
